针对车载以太网通信数据安全和密钥安全问题,创新设计了基于动态密钥的车载以太网安全通信方法.建立车载以太网安全威胁攻击树模型,分析其面临的安全威胁.构建应对安全威胁的车载以太网安全通信方法总体架构.设计动态密钥算法模型,生成隐式动态密钥.设计基于动态密钥的安全通信方法,将原始数据通过动态密钥加密传输,生成摘要并在接收端进行摘要对比处理.通过Linux上位机、I.MX6ULL单片机和Windows设备模拟域间通信及网络攻击过程,将密钥、密文、明文进行差异度对比,同时对通信过程进行攻击,借助Wireshark软件分析通信过程中的数据交互.结果表明:该方法能有效保证密钥安全及车载以太网数据的机密性、新鲜性、真实性和完整性,且能有效应对篡改攻击与重放攻击.
Abstract
For the security concerns of communication data and key in automotive ethernet, an automotive ethernet security communication method based on dynamic keys was innovatively designed. The attack tree model for automotive ethernet security threats was established to analyze the faced security threats. The comprehensive architecture for automotive ethernet security communication methods was constructed to address the threats, and the dynamic key algorithm model was designed to generate implicit dynamic keys. The secure communication method based on dynamic keys was designed to encrypt original data through dynamic keys, and the digests were generated and compared at the receiving end. Communication and network attack processes between domains were simulated using Linux-based systems, I.MX6ULL microcontrollers and Windows devices, and the difference degrees of keys, ciphertexts and plaintexts were compared. The communication process was attacked to analyze the data interactions by Wireshark software. The results show that the proposed method can effectively ensure the key security and the confidentiality, freshness, authenticity and integrity of automotive ethernet data, and it can effectively counter tampering attacks and replaying attacks.
关键词
车载以太网 /
信息安全 /
动态密钥 /
安全通信 /
对称加密 /
机密性 /
完整性 /
真实性
{{custom_keyword}} /
Key words
automotive ethernet /
information security /
dynamic key /
secure communication /
symmetric encryption /
confidentiality /
integrity /
authenticity
{{custom_keyword}} /
{{custom_sec.title}}
{{custom_sec.title}}
{{custom_sec.content}}
参考文献
[1]NAVALE V M, WILLIAMS K, LAGOSPIRIS A, et al. (R)evolution of E/E architectures [J]. SAE Internatio-nal Journal of Passenger Cars-Electronic and Electrical Systems, 2015,8(2):282-288.
[2]呼布钦,秦贵和,刘颖,等.下一代汽车网络:车载以太网技术现状与发展[J].计算机工程与应用,2016,52(24):29-36.
HU B Q, QIN G H, LIU Y, et al. Next generation automotive network:technology status and development of automotive ethernet in-vehicle network[J]. Computer Engineering and Applications, 2016, 52(24):29-36.(in Chinese)
[3]SMIRNOV F. Design and evaluation of ethernet-based E/E-architectures for latency-and safety-critical appli-cations[D]. Erlangen, Germany: Friedrich-Alexander-Universitt Erlangen-Nürnberg, 2019.
[4]HU Q, LUO F. Review of secure communication approaches for in-vehicle network [J]. International Journal of Automotive Technology, 2018,19(5):879-894.
[5]邬江兴.智能网联汽车内生安全问题与对策 [J].重庆邮电大学学报(自然科学版),2023,35(3):383-390.
WU J X. Endogenous security problems and countermeasures of intelligent connected vehicle [J]. Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition),2023,35(3):383-390. (in Chinese)
[6]JEONG S, JEON B, CHUNG B, et al. Convolutional neural network-based intrusion detection system for AVTP streams in automotive ethernet-based networks [J]. Vehicular Communications, DOI:10.1016/j.vehcom.2021.100338.
[7]JO W, KIM S J, KIM H, et al. Automatic whitelist ge-neration system for ethernet based in-vehicle network [J]. Computers in Industry,DOI:10.1016/j.compind.2022.103735.
[8]SALEM M, MOHAMMED M, RODAN A. Security approach for in-vehicle networking using blockchain technology [J]. Lecture Notes on Data Engineering and Communications Technologies, 2019,29: 504-515.
[9]LI J M, FU S, WU Y J, et al. High-efficiency encryption and authentication network security for automotive ethernet [J]. International Journal of Modeling and Optimization,2022,12(2):36-42.
[10]WANG C T, QIN G H, ZHAO R, et al. An information security protocol for automotive ethernet [J]. Journal of Computers, 2021, 32(1): 39-52.
[11]李彤,李博,常成,等. 基于攻击树的LoRaWAN安全威胁建模[J]. 通信技术, 2018, 51(11): 2695-2701.
LI T, LI B, CHANG C, et al. Attack tree-based mode-ling of LoRaWAN security threat[J]. Communications Technology, 2018, 51(11):2695-2701.(in Chinese)
[12]LALLIE H S, DEBATTISTA K, BAL J. A review of attack graph and attack tree visual syntax in cyber security[J]. Computer Science Review, DOI: 10.1016/j.cos-rev.2019.100219.
{{custom_fnGroup.title_cn}}
脚注
{{custom_fn.content}}
基金
北京市长城学者培养计划项目(CIT&TCD20190304)
{{custom_fund}}